postbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls and ingests user-generated Postbox API content (e.g., GET /api/forms/{id}/submissions, GET form/schema discovery, and knowledge_base content) as part of required workflows in SKILL.md and references/api.md, and that content is used to drive actions like summarization, smart-reply drafting, spam decisions, and agent discovery — exposing the agent to untrusted third-party input that could carry indirect prompt-injection.